Subject: git commit

Don't create hostbased principals in new KDBs

Unix-like platforms do not provide a simple method to find the
fully-qualified local hostname as the machine is expected to appear to
other hosts. Canonicalizing the gethostname() result with
getaddrinfo() usually works, but potentially uses DNS. Now that
dns_canonicalize_hostname=true is no longer the default, KDB creation
would generally create the wrong host-based principals.

kadmin/hostname is unnecessary because the client software can also
use kadmin/admin, and kiprop/hostname is one of several principals
that must be created for incremental propagation.

Author: Greg Hudson <>
Commit: ac2b693d0ec464e0bcda4953acd79f201169f396
Branch: master

src/kadmin/dbutil/kadm5_create.c | 52 ++-------------------
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c | 35 +--------------
src/tests/dejagnu/krb-standalone/kadmin.exp | 7 ++-
src/tests/ | 1 +
src/tests/ | 1 +
5 files changed, 12 insertions(+), 84 deletions(-)